Set Your Web House In Order
Thus say the Lord : Set your house in order.
After TCS Website Hacking Incident:
Put your web site in order! Otherwise be ready to see a message as “ This domain name is for sale. Please contact us for further information”
In what could be considered as a potential embarrassment to top Indian IT service majors, TCS website hacking incident in this month ( February 2010 ) – the news of the same spread like wild fire – thanks to media and social networks. What are the takeaways from the incident ?
It is said that, it is breach of DNS Name Server, the domain name registrar being Network Solutions, in this case. The incident can be briefed as, the hacker(s) got entry in to the domain name servers and altered it entries against tcs.com; so that the dns entry is redirected to another site. Whether it is a typical “pharming” attack or a “email phishing” is not known yet. Though it is external, it does not save TCS from excusing itself as its reputation is at stake.
Dinesh O Bareja, CISA, CISM, an information security consultant in India says “My take is that if the world looks up to you for excellence, then it is very important to keep in your house in order. Tata has a large data center and hosting facility; Tata Communications is an ISP, so why does TCS needs to involve outside vendors?”
One of the fundamental question asked is what sort of SLA we have with our domain registrars. And in turn, what sort of regular vulnerability assessment is done on the registry servers.
This apart, there is news that the hackers location of recent China’s online invasion in to Google and other servers in USA, has been identified. These are two educational institutions in China. Shanghai Jiaotang University and Lanxiang Vocational School. These institutions are said to be running top computer science programs, producing and supplying computer scientists to Chinese Military. A web security professor of the institutions has reportedly told: “Actually students hacking in to foreign websites are quite normal. I believe that there are two kind of situations. One it is individual activity of wrong doing done by one or two geek students, who are keen on experimenting the hacking skills learned, or it could be that university’s ip address is hijacked by others”
The threat is real. Let us resolve to put our house in order.
/Malick.
